BugTraq Mode:
(Page 6 of 1615)  < Prev  1 2 3 4 5 6 7 8 9 10 11  Next >
Enhanced SQL Portal 5.0.7961 XSS Vulnerability 2015-06-02
apparitionsec gmail com
[+] Credits: John Page ( hyp3rlinx )

[+] Domains: hyp3rlinx.altervista.org

[+] Source: http://hyp3rlinx.altervista.org/advisories/AS-ENHSQLPORTAL0602.txt

Vendor:
www.eliacom.com
www.eliacom.com/mysql-gui-download.php

Product:
Enhanced SQL Portal 5.0.7961 web based MySQL administration appli

[ more ]  [ reply ]
Freebox OS Web interface 3.0.2 XSS, CSRF 2015-06-01
huyngocbk gmail com
Hello list,

Here are two CVEs I reported to Freebox, a french ISP:
- CVE-2014-9382 - CSRF in VPN user account creation
- CVE-2014-9405 - XSS

Vulnerable product: Freebox OS Web interface 3.0.2.

CVE-2014-9382 - CSRF in Freebox OS Web interface 3.0.2 allowing VPN user account creation
===========

[ more ]  [ reply ]
t2'15: Call for Papers 2015 (Helsinki / Finland) 2015-06-01
Tomi Tuominen (tomi tuominen t2 fi)
#
# t2'15 - Call For Papers (Helsinki, Finland) - October 29 - 30, 2015
#

Why spend your valuable conference time in the longest lines you have seen in your life, getting a sun burn or totally lost in the canals with your rental boat, being deprived of chewing gum or waking up in Nong Palai without

[ more ]  [ reply ]
CVE-2015-4039 - WordPress WP Membership plugin [Stored XSS] 2015-06-01
pan vagenas gmail com
# Exploit Title: CVE-2015-4039 - WordPress WP Membership plugin [Stored XSS]
# Contact: https://twitter.com/panVagenas
# Vendor Homepage: http://wpmembership.e-plugins.com/
# Software Link: http://codecanyon.net/item/wp-membership/10066554
# Version: 1.2.3
# Tested on: WordPress 4.2.2
# CVE: CVE-201

[ more ]  [ reply ]
CVE-2015-4038 - WordPress WP Membership plugin [Privilege escalation] 2015-06-01
pan vagenas gmail com
# Exploit Title: CVE-2015-4038 - WordPress WP Membership plugin [Privilege escalation]
# Contact: https://twitter.com/panVagenas
# Vendor Homepage: http://wpmembership.e-plugins.com/
# Software Link: http://codecanyon.net/item/wp-membership/10066554
# Version: 1.2.3
# Tested on: WordPress 4.2.2
# CV

[ more ]  [ reply ]
WebDrive Buffer OverFlow PoC 2015-06-01
banana88 inbox com
#!/usr/bin/python
#Exploit Title:WebDrive Buffer OverFlow PoC
#Author: metacom
#Vendor Homepage: http://www.webdrive.com/products/webdrive/
#Software Link: https://www.webdrive.com/products/webdrive/download/
#Version: 12.2 (build # 4172) 32 bit
#Date found: 31.05.2015
#Date published: 31.05.201

[ more ]  [ reply ]
Ektron CMS 9.10 SP1 - XSS Vulnerability 2015-05-31
jerold v00d00sec com
# Vulnerability type: Cross-site Scripting
# Vendor: http://www.ektron.com/
# Product: Ektron Content Management System
# Affected version: =< 9.10 SP1 (Build 9.1.0.184.1.102)
# Patched version: 9.10 SP1 (Build 9.1.0.184.1.114)
# Credit: Jerold Hoong

# PROOF OF CONCEPT (XSS)

Cross-site scripting

[ more ]  [ reply ]
Ektron CMS 9.10 SP1 - CSRF Vulnerability 2015-05-31
jerold v00d00sec com
# Vulnerability type: Cross-site Request Forgery
# Vendor: http://www.ektron.com/
# Product: Ektron Content Management System
# Affected version: =< 9.10 SP1 (Build 9.1.0.184.1.114)
# Patched version: 9.10 SP1 (Build 9.1.0.184.1.120)
# CVE ID: CVE-2015-3624
# Credit: Jerold Hoong

# PROOF OF CONCEP

[ more ]  [ reply ]
[SECURITY] [DSA 3276-1] symfony security update 2015-05-31
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3276-1 security (at) debian (dot) org [email concealed]
http://www.debian.org/security/ David Prevot
May 31, 2015

[ more ]  [ reply ]
[SECURITY] [DSA 3269-2] postgresql-9.1 regression update 2015-05-31
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3269-2 security (at) debian (dot) org [email concealed]
http://www.debian.org/security/ Salvatore Bonaccorso
May 31, 2015

[ more ]  [ reply ]
[SECURITY] [DSA 3275-1] fusionforge security update 2015-05-30
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3275-1 security (at) debian (dot) org [email concealed]
http://www.debian.org/security/ Salvatore Bonaccorso
May 30, 2015

[ more ]  [ reply ]
[security bulletin] HPSBMU03223 rev.1 - HP Insight Control server provisioning running SSLv3, Remote Denial of Service (DoS), Disclosure of Information 2015-05-29
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c04521018

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04521018
Version: 1

HPSBMU03223 r

[ more ]  [ reply ]
[security bulletin] HPSBMU03261 rev.2 - HP Systems Insight Manager running OpenSSL on Linux and Windows, Remote Disclosure of Information 2015-05-29
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c04571454

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04571454
Version: 2

HPSBMU03261 r

[ more ]  [ reply ]
[security bulletin] HPSBMU03267 rev.2 - HP Matrix Operating Environment and HP CloudSystem Matrix running OpenSSL, Remote Disclosure of Information 2015-05-29
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c04576624

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04576624
Version: 2

HPSBMU03267 r

[ more ]  [ reply ]
[security bulletin] HPSBMU03263 rev.3 - HP Insight Control running OpenSSL, Remote Disclosure of Information 2015-05-29
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c04574073

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04574073
Version: 3

HPSBMU03263 r

[ more ]  [ reply ]
[security bulletin] HPSBGN03332 rev.1 - HP Operations Analytics running SSLv3, Remote Denial of Service (DoS), Disclosure of Information 2015-05-29
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c04676133

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04676133
Version: 1

HPSBGN03332 r

[ more ]  [ reply ]
JSPMyAdmin SQL Injection, CSRF & XSS Vulnerabilities 2015-05-29
apparitionsec gmail com
Credits: John Page ( hyp3rlinx )
Domains: hyp3rlinx.altervista.org

Source:
http://hyp3rlinx.altervista.org/advisories/AS-JSPMYADMIN0529.txt

Vendor:
code.google.com/p/jsp-myadmin

Product:
JSPAdmin 1.1 is a Java web based MySQL database management system.

Advisory Information:
=================

[ more ]  [ reply ]
[SECURITY] [DSA 3274-1] virtualbox security update 2015-05-28
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3274-1 security (at) debian (dot) org [email concealed]
http://www.debian.org/security/ Moritz Muehlenhoff
May 28, 2015

[ more ]  [ reply ]
[security bulletin] HPSBHF03340 rev.1 - HP ThinPro Linux and HP Smart Zero Core running HP Easy Setup Wizard, Local Unauthorized Access, Elevation of Privilege 2015-05-28
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

UPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04692275
Version: 1

HPSBHF03340 rev.1 - HP ThinPro Linux and HP Smart Zero Core running HP Easy
Setup Wizard, Local Unauthorized Access, Elevation of Privilege

NOTICE: The information in this Sec

[ more ]  [ reply ]
Audacity 2.0.5 contains Arbitrary DLL Injection Code Execution 2015-05-28
mystyle_rahul yahoo co in
A local dll injection vulnerability has been discovered in the official Audacity 2.0.5.
Since the program is not specified with a fully qualified path name the program uses a fixed path to look for specific files or libraries. This path includes directories that may not be trusted or under user cont

[ more ]  [ reply ]
[SEARCH-LAB advisory] More than fifty vulnerabilities in D-Link NAS and NVR devices 2015-05-28
Gergely Eberhardt (gergely eberhardt search-lab hu)
Overwiew
--------
SEARCH-LAB performed an independent security assessment on four
different D-Link devices. The assessment has identified altogether 53
unique vulnerabilities in the latest firmware (dated 30-07-2014).
Several vulnerabilities can be abused by a remote attacker to execute
arbitrary co

[ more ]  [ reply ]
DbNinja 3.2.6 Flash XSS Vulnerabilities 2015-05-28
apparitionsec gmail com
# Exploit Title: DbNinja Flash XSS Exploit
# Google Dork: intitle: Flash XSS
# Date: May 27, 2015
# Exploit Author: John Page (hyp3rlinx)
# Website: hyp3rlinx.altervista.org
# Vendor Homepage: www.dbninja.com
# Software Link: www.dbninja.com
# Version: 3.2.6
# Tested on: Windows 7
# Category: Flash

[ more ]  [ reply ]
DbNinja 3.2.6 Flash XSS Vulnerabilities 2015-05-28
apparitionsec gmail com
# Exploit Title: DbNinja Flash XSS Exploit
# Google Dork: intitle: Flash XSS
# Date: May 27, 2015
# Exploit Author: John Page (hyp3rlinx)
# Website: hyp3rlinx.altervista.org
# Vendor Homepage: www.dbninja.com
# Software Link: www.dbninja.com
# Version: 3.2.6
# Tested on: Windows 7
# Category: Flash

[ more ]  [ reply ]
[Onapsis Security Advisory 2015-006] SAP HANA Information Disclosure via SQL IMPORT FROM statement 2015-05-27
Onapsis Research Labs (research onapsis com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Onapsis Security Advisory ONAPSIS-2015-006: SAP HANA Information
Disclosure via SQL IMPORT FROM statement

1. Impact on Business
=====================

Under certain conditions some SAP HANA Database commands could be
abused by a remote authenticated a

[ more ]  [ reply ]
[Onapsis Security Advisory 2015-007] SAP HANA Log Injection Vulnerability 2015-05-27
Onapsis Research Labs (research onapsis com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Onapsis Security AdvisoryONAPSIS-2015-007: SAP HANA Log Injection
Vulnerability

1. Impact on Business
=====================

Under certain conditions the SAP HANA XS engine is vulnerable to
arbitrary log
injection, allowing remote authenticated attack

[ more ]  [ reply ]
Thycotic Password Manager Secret Server iOS Application - MITM SSL Certificate Vulnerability 2015-05-27
David Coomber (davidcoomber infosec gmail com)
Thycotic Password Manager Secret Server iOS Application - MITM SSL
Certificate Vulnerability
--
http://www.info-sec.ca/advisories/Thycotic-SecretServer.html

Overview
"With the Password Manager Secret Server app, you can access passwords
for an EXISTING on-premise Secret Server or Secret Server Onli

[ more ]  [ reply ]
[SECURITY] [DSA 3268-2] ntfs-3g security update 2015-05-26
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3268-2 security (at) debian (dot) org [email concealed]
http://www.debian.org/security/ Salvatore Bonaccorso
May 26, 2015

[ more ]  [ reply ]
CVE-2015-4084 - WordPress Free Counter Plugin [Stored XSS] 2015-05-26
pan vagenas gmail com
# Exploit Title: WordPress Free Counter Plugin [Stored XSS]
# Date: 2015/05/25
# Exploit Author: Panagiotis Vagenas
# Contact: https://twitter.com/panVagenas
# Vendor Homepage: http://www.free-counter.org
# Software Link: https://wordpress.org/plugins/free-counter/
# Version: 1.1
# Tested on: WordPr

[ more ]  [ reply ]
[SECURITY] [DSA 3273-1] tiff security update 2015-05-25
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3273-1 security (at) debian (dot) org [email concealed]
http://www.debian.org/security/ Moritz Muehlenhoff
May 25, 2015

[ more ]  [ reply ]
Synology Photo Station multiple Cross-Site Scripting vulnerabilities 2015-05-25
Securify B.V. (lists securify nl)
------------------------------------------------------------------------

Synology Photo Station multiple Cross-Site Scripting vulnerabilities
------------------------------------------------------------------------

Han Sahin, May 2015

----------------------------------------------------------------

[ more ]  [ reply ]
(Page 6 of 1615)  < Prev  1 2 3 4 5 6 7 8 9 10 11  Next >


 

Privacy Statement
Copyright 2010, SecurityFocus